raspap-webgui-mirror/installers/configauth.sh

57 lines
1.4 KiB
Bash
Raw Normal View History

2019-11-15 09:01:57 +00:00
#!/bin/bash
2019-11-17 10:17:57 +00:00
#
# Updates openvpn client.conf with auth credentials,
# adds iptables rules to forward traffic from tun0
# to configured wireless interface
# @author billz
# license: GNU General Public License v3.0
2020-03-24 17:45:04 +00:00
# Exit on error
set -o errexit
# Exit on error inside functions
set -o errtrace
# Turn on traces, disabled by default
#set -o xtrace
2019-11-17 10:17:57 +00:00
file=$1
2019-11-17 18:20:25 +00:00
auth=$2
interface=$3
2020-03-24 17:45:04 +00:00
readonly rulesv4="/etc/iptables/rules.v4"
2019-11-17 18:20:25 +00:00
if [ "$auth" = 1 ]; then
2019-11-17 19:08:39 +00:00
echo "Enabling auth-user-pass in OpenVPN client.conf"
line='auth-user-pass'
if grep -q "$line" $file; then
echo "Updating $line"
sudo sed -i "s/$line/$line login.conf/g" $file
else
echo "Adding $line"
sudo sed -i "$ a $line login.conf" $file
fi
2019-11-15 09:01:57 +00:00
fi
# Configure NAT and forwarding with iptables
2020-03-24 17:45:04 +00:00
echo "Checking iptables rules"
rules=(
"-A POSTROUTING -o tun0 -j MASQUERADE"
"-A FORWARD -i tun0 -o ${interface} -m state --state RELATED,ESTABLISHED -j ACCEPT"
"-A FORWARD -i ${interface} -o tun0 -j ACCEPT"
2020-03-24 17:45:04 +00:00
)
2019-11-17 18:20:25 +00:00
2020-03-24 17:45:04 +00:00
for rule in "${rules[@]}"; do
if grep -- "$rule" $rulesv4 > /dev/null; then
echo "Rule already exits: ${rule}"
else
rule=$(sed -e 's/^\(-A POSTROUTING\)/-t nat \1/' <<< $rule)
echo "Adding rule: ${rule}"
sudo iptables $rule
added=true
fi
done
if [ "$added" = true ]; then
echo "Persisting IP tables rules"
2020-03-25 23:00:26 +00:00
sudo iptables-save | sudo tee $rulesv4 > /dev/null
2020-03-24 17:45:04 +00:00
fi
2019-11-17 10:17:57 +00:00